{"id":32255,"date":"2017-05-22T05:30:18","date_gmt":"2017-05-22T13:30:18","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/visualstudioalm\/?p=32255"},"modified":"2019-02-14T15:51:39","modified_gmt":"2019-02-14T23:51:39","slug":"using-open-source-components-using-tfs","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/devops\/using-open-source-components-using-tfs\/","title":{"rendered":"Using Open Source Components? Using TFS?"},"content":{"rendered":"<p><a href=\"https:\/\/blogs.msdn.microsoft.com\/visualstudioalm\/2017\/03\/07\/open-source-scanning-in-visual-studio-team-services-with-whitesource-bolt\/\">Back in March<\/a>, I wrote about the <a href=\"https:\/\/marketplace.visualstudio.com\/items?itemName=whitesource.ws-bolt\">WhiteSource Bolt<\/a> extension for VSTS. This is a fantastic way to automate security checks for open source vulnerabilities in the release pipeline of your team project. The most frequent question I&#8217;ve received is, <em>When can we have this for TFS too?<\/em> I&#8217;m happy to announce that the extension now works with on-prem TFS too. It comes with a 14-day trial, and if you&#8217;re using Visual Studio Enterprise, go to <a href=\"https:\/\/my.visualstudio.com\">https:\/\/my.visualstudio.com<\/a> for a 6-month activation code.<\/p>\n<p>To remind you what WhiteSource Bolt provides, you drop the task in your build definition and it automatically inventories your open source components and tells you what vulnerabilities you have or licenses you may need to check. Here&#8217;s an example I did on a recent node.js project. The build task ran for 58 seconds and inventoried 689 components. I was impressed that WhiteSource found 12 vulnerabilities, 9 of which were not available in the National Vulnerability Database!
And for each vulnerability, there is a direct link to the top-rated fix.<\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/6\/2019\/05\/Capture-PU.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-32265\" src=\"https:\/\/devblogs.microsoft.com\/devops\/wp-content\/uploads\/sites\/6\/2017\/05\/Capture-PU.png\" alt=\"WhiteSource Bolt inventories open source components and vulns\" width=\"1465\" height=\"973\" \/><\/a><\/p>\n<p>If you&#8217;re using open source, or aren&#8217;t sure whether you are, you owe it to yourself to check out this extension.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Back in March, I wrote about the WhiteSource Bolt extension for VSTS. This is a fantastic way to automate security checks for open source vulnerabilities in the release pipeline of your team project. The most frequent question I&#8217;ve received is, When can we have this for TFS too? I&#8217;m happy to announce that the extension [&hellip;]<\/p>\n","protected":false},"author":653,"featured_media":45953,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[226,1,249,251],"tags":[],"class_list":["post-32255","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ci","category-devops","category-open-source","category-security"],"acf":[],"blog_post_summary":"<p>Back in March, I wrote about the WhiteSource Bolt extension for VSTS. This is a fantastic way to automate security checks for open source vulnerabilities in the release pipeline of your team project. The most frequent question I&#8217;ve received is, When can we have this for TFS too?
I&#8217;m happy to announce that the extension [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts\/32255","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/users\/653"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/comments?post=32255"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts\/32255\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/media\/45953"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/media?parent=32255"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/categories?post=32255"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/tags?post=32255"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}